Privacy, Safety, Security

IIC discussions explore ways to combine a respect for privacy and protection of personal data and critical information infrastructures, whilst enabling government authorities to protect national security interests. The NSA-Snowden revelations have had a major impact on discussions of privacy. Whereas before the focus was on the relative validity of different security approaches adopted by USA and Europe. In the post-PRISM debate the need to re-build trust towards providers and governments emerges strongly.

German Chancellor, Angela Merkel, has urged Europe to seize control of its data from Silicon Valley tech giants, in an intervention that the Financial Times says highlights the EU’s growing willingness to challenge the US dominance of the digital economy.

Adriana Labardini

Alfredo Rafael Deluque Zuleta (Dr)

Andrew Barendse (Dr)

Angelo Marcello Cardani (Professor )

Talks on Privacy, Safety, Security

A proposal by the UK’s security agency, GCHQ, that would enable eavesdropping on encrypted chat services has been condemned as a “serious threat” to digital security and human rights, reports the Guardian. “In an open letter signed by more than 50 companies, civil society organisations and security experts – including Apple, WhatsApp, Liberty and Privacy International – GCHQ was called on to abandon its so-called ‘ghost protocol’, and instead focus on ‘protecting privacy rights, cybersecurity, public confidence, and transparency’.

Plans to introduce a nationwide age verification system for online pornography have been abandoned by the UK government after years of technical troubles and concerns from privacy campaigners, reports the Guardian.

German Chancellor, Angela Merkel, has urged Europe to seize control of its data from Silicon Valley tech giants, in an intervention that the Financial Times says highlights the EU’s growing willingness to challenge the US dominance of the digital economy.

Google is under investigation by the Australian Competition and Consumer Commission (ACCC) and the country’s Privacy Commissioner following claims that it collects data from millions of Android smartphone users, who unwittingly pay their telecoms service providers for gigabytes consumed by the activity, reports Reuters.

Australia has announced telco regulations that prevent fraudsters from hijacking mobile numbers to access personal and financial information, and reduce phone scams, reports ZDNet. “Under the new industry wide measures, telcos will be required to introduce two-factor authentication, such as inputting a code on a website or responding to a text message, before mobile numbers can be transferred from one provider to another.

Governments in Asia can expand the region’s digital economy and unlock further socio-economic benefits for their citizens by removing unnecessary restrictions on the movement of data internationally, according to a report by the GSMA.

A survey commissioned by the NSPCC, a UK child protection charity, reveals that 9 out of 10 parents support the regulation of social networks to make them legally responsible for protecting children, and 6 out of 10 adults do not think social networks protect children from sexual grooming and inappropriate content like self-harm and suicide.

There has been much discussion recently about the obligations of major internet players, particularly social media networks, to make more strenuous efforts to monitor the activity on their platforms. Welcome as they are, however many moderators the social networks hire, the idea that they can provide full protection for children is no more realistic than suggesting that we place police officers on the corner of every street.

One of the buzz-phrases in the current privacy debate is “privacy by design” or even, “privacy as a design experience”. The essence of this, logically enough, is that privacy should be “designed-in” to a service or product from the outset, rather than have to be bolted on afterwards once the implications have become clear.

In a recent seminar on smart vehicles, one delegate raised his hand and asked the OEMs on the panel, “I want a connected vehicle with all the benefits, but I don’t want you to know where I am”. To which came the reply, “buy a ‘67 Mustang”.

Calls for censorship will become louder if effective action is avoided.

European Commission publishes report on fake news and disinformation

The European Commission’s high-level expert group on fake news and disinformation spread online has produced a report that suggests a definition of the phenomenon and makes a series of recommendations. Read

The EU legislator has proposed banning mandatory non-personal data localisation to help unlock the data economy. While facilitating the free flow of such data within the EU is laudable, the proposal has a number of shortcomings, writes CATHAL FLYNN.

As more people, especially the less well off, have only a smartphone to access the internet, there are signs that a new type of digital divide could develop. Ofcom’s Alison Preston describes new research carried out in the UK.July 2016, Volume 44 Issue 02

Data privacy is rightly among the biggest concerns in the digital age but, as DANIEL SEPULVEDA argues from the industry perspective, a regulatory balance is needed between protection and the success of a data-driven economy.

The technology giants have concentrated power in too few hands, writes SÉBASTIEN SORIANO, chairman of France’s regulator, Arcep. He proposes ‘Robin Hood’ style regulation to redistribute internet wealth to the many.

Julyl 2019, Volume 47 Issue 2

Regulatory Watch articles on Privacy, Safety, Security

Though AI can generate economic growth, and help solve the world’s biggest challenges, the newly appointed European Commission accepts it also needs to deal with the ‘risks’ the new technology brings, writes The Parliament Magazine’s Rajnish Singh.

Inventor of the World Wide Web, Sir Tim Berners-Lee, unveiled the World Wide Web Foundation’s global plan of action, Contract for the Web, at the United Nations Internet Governance Forum in Berlin on 25 November.

German Chancellor, Angela Merkel, has urged Europe to seize control of its data from Silicon Valley tech giants, in an intervention that the Financial Times says highlights the EU’s growing willingness to challenge the US dominance of the digital economy.

Regulation Asia reports that the MAS (Monetary Authority of Singapore) has announced the launch of a new collaboration with the financial industry to create an artificial intelligence framework for financial institutions. This comes as the new National Artificial Intelligence strategy was announced by Singapore’s deputy prime minister Heng Swee Keat at the Singapore FinTech Festival and Singapore Week of Innovation and TeCHnology (SFF x SWITCH) 2019.

Australia has announced telco regulations that prevent fraudsters from hijacking mobile numbers to access personal and financial information, and reduce phone scams, reports ZDNet. “Under the new industry wide measures, telcos will be required to introduce two-factor authentication, such as inputting a code on a website or responding to a text message, before mobile numbers can be transferred from one provider to another.

Germany’s Federal Network Agency, Bundesnetzagentur (BNetzA), is consulting on a revision of the catalogue of security requirements for operating telecoms and data processing systems and for processing personal data. “It is essential to protect information and communication systems against threats. The updated security requirements for telecommunications networks and services play an important role in this,” said Jochen Homann, BNetzA president.

Plans to introduce a nationwide age verification system for online pornography have been abandoned by the UK government after years of technical troubles and concerns from privacy campaigners, reports the Guardian.

Facebook has called on regulators and other experts to answer key questions to help it forge its strategy around protecting user privacy while meeting demand for increased data portability, notes Mobile World Live.

Several French regulators – the competition authority, AMF, Arafer, Arcep, CNIL, CRE and CSA – have held a meeting to draw up a memorandum on data-driven regulation, which they say “creates the ability to make stakeholders more accountable, increases the regulator’s capacity for analysis and makes more information available to users and civil society”.

Singapore’s Economic Development Board (EDB), Enterprise Singapore and the regulator, the Infocomm Media Development Authority (IMDA), have joined forces to establish Digital Industry Singapore (DISG), to better support and capitalise on the growth opportunities for Singapore’s technology sector.

A 19 month project with over 190 expert missions to Georgia comprising Lithuanian, German and Polish experts has helped define secondary legislation and guidelines on communications in line with EU standards for the country.

The Citizen Lab, based at the Munk School of Global Affairs and Public Policy, University of Toronto, has commented on two reports issued by United Nations Special Rapporteurs “that demonstrate the dangerous effects of unchecked technology in the hands of autocrats”...

Removing extremist groups from social media is an effective way of destroying their fan bases, according to a study by the Global Research Network on Terrorism and Technology. As the National reports, the researchers found that radical groups do not necessarily thrive on alternative platforms once they have been removed from the mainstream.

The European Commission has launched the pilot phase of its ethics guidelines for trustworthy artificial intelligence (AI). At the first AI Alliance Assembly, held in Brussels, the High-Level Expert Group on AI announced two developments, including an assessment list for trustworthy AI, developed by a group of 52 independent experts.

The Brazilian Senate has approved a proposal to add protection of data in digital platforms to the list of fundamental rights and individual citizen guarantees set out in the country's constitution, reports ZDNet.

A 19 month project with over 190 expert missions to Georgia comprising Lithuanian, German and Polish experts has helped define secondary legislation and guidelines on communications in line with EU standards for the country.

Britain’s Confederation of British Industry (CBI) has called for a new, independent regulator that can play “a crucial role in building trust in the digital economy”. It says that current proposals risk falling short of the UK government’s ambition to be the best and safest place to build a digital business.

On 13 June 2019, the Court of Justice of the European Union (“CJEU“) published its ruling on the classification of Gmail in the EU following a request for a preliminary ruling from the German Courts. Gmail is a web-based email service, and is a type of “Over-The-Top” (“OTT”) service.

A proposal by the UK’s security agency, GCHQ, that would enable eavesdropping on encrypted chat services has been condemned as a “serious threat” to digital security and human rights, reports the Guardian. “In an open letter signed by more than 50 companies, civil society organisations and security experts – including Apple, WhatsApp, Liberty and Privacy International – GCHQ was called on to abandon its so-called ‘ghost protocol’, and instead focus on ‘protecting privacy rights, cybersecurity, public confidence, and transparency’.

Hadopi, the France’s copyright agency, and Conseil supérieur de l'audiovisuel (CSA), France’s media regulator, have conducted a joint study on the connected speaker market, which is an issue for both institutions. These issues are also of interest to other regulatory authorities, including telecoms regulator, ARCEP, the competition authority, and CNIL, the data privacy agency, which contributed to the work.

The US House Judiciary Committee has launched an investigation into the market dominance of Silicon Valley’s biggest names, starting with a look at the impact of the tech giants’ platforms on news content, the media and the spread of misinformation online, reports Courthouse News.

Top artificial-intelligence researchers are racing to defuse an extraordinary political weapon: computer-generated fake videos that could undermine candidates and mislead voters during the 2020 presidential campaign, reports the Washington Post.

“95% of parents want more information about online safety,” says Australia’s eSafety Commissioner Julie Inman Grant, who has conducted research on parenting in the digital age. The first government agency in the world dedicated to online safety, eSafety produced the report ‘Parenting in the digital age’ to explore the experience of parents and carers raising children in a fast-paced connected world.

On 5 June 2019, the Court of Justice of the EU ("CJEU") published its ruling on the classification of SkypeOut in the EU following a request for a preliminary ruling from the Belgian Courts. Skype is a Voice over IP service ("VoIP") whereas the SkypeOut component is an interconnected VoIP service that allows the service to dial out to landline and mobile numbers.

Rwanda’s government is aiming to regulate social media content, a move which is intended to curb the spread of misinformation, according to the minister for ICT and innovation, Paula Ingabire, as AllAfrica reports.

Sharon White, chief executive of Ofcom, the UK regulator, has said that the small number of equipment suppliers has created systemic risks to the country’s networks that may need to be addressed with regulation. She made the remarks amid tensions with the US over whether Britain will permit equipment from Chinese vendor Huawei to be used for next-generation 5G telecom services, reports Bloomberg.

Russian lawmakers have established “digital rights” in domestic law as the basis for the digital economy, and have also introduced a package of bills to tackle fake news, reports the Global Legal Post.

The UK’s House of Lords has called for the creation of a digital super-regulator to oversee the different bodies charged with safeguarding the internet and replace the “clearly failing” system of self-regulation by big technology companies, reports the Guardian.

A survey commissioned by the NSPCC, a UK child protection charity, reveals that 9 out of 10 parents support the regulation of social networks to make them legally responsible for protecting children, and 6 out of 10 adults do not think social networks protect children from sexual grooming and inappropriate content like self-harm and suicide.

The final report in the UK of the Digital, Culture, Media and Sport select committee’s 18-month investigation into disinformation and fake news has accused Facebook of purposefully obstructing its inquiry and failing to tackle attempts by Russia to manipulate elections, reports the Guardian.

A review by Dame Frances Cairncross into the sustainability of high-quality journalism in the UK has been published, making proposals “designed to encourage new models to emerge, with the help of innovation not just in technology but in business systems and journalistic techniques”.

The advocate general of the European Court of Justice has given his opinion on the “right to be forgotten” conflict between France and Google, and the opinion is relatively simple: France does not have the right to impose its own considerations on a company which operates outside its jurisdiction, notes Telecoms.com.

A recent paper by British academics from Southampton University claims that the internet is splitting into four distinct governance entities. They say that the internet is a fragile construction of hardware, software, standards and databases and is run by an ever-expanding range of private and public actors constrained only by voluntary protocols and subject to political pressure.

A test by noyb, a European non-profit organisation for privacy enforcement, shows violations of privacy law by most streaming services. In more than 10 test cases was able to identify violations of Article 15 of the General Data Protection Regulation (GDPR) by companies including Amazon, Apple, DAZN, Spotify and Netflix, and it has filed 10 strategic complaints against 8 companies.

As of Dec. 21, 2020, the obligations of the current ePrivacy Directive will apply to instant messaging applications, email, internet phone calls and personal messaging provided through social media — collectively, over-the-top services — in addition to traditional telecom providers.

Wireless operators got what they were asking for when the FCC voted 3:1 to deny requests from Twilio and others to classify text messaging services as “telecommunications services”, which would subject them to harsher regulation, reports FierceWireless.

The 2018 Internet Governance Forum (IGF) held in Paris recently saw the first appearance at the annual event of a UN secretary general, and also a speech by Emmanuel Macron, in which he said the internet is “profoundly threatened” by cyber attacks, hate speech and disinformation, and by the internet giants.

The LSE Truth, Trust and Technology Commission at the London School of Economics has published a report, “Tackling the information crisis”, in which the key proposal is for an independent platform agency for the UK that would be a watchdog – rather than a regulator...

French president Emmanuel Macron has insisted that new laws are needed to limit and protect online content and the internet itself, reports the Register. Speaking at the opening ceremony of the annual Internet Governance Forum (IGF) in Paris, Macron made repeated calls for additional regulation, and complained about the “false alternative” of self-regulation or government control.

Giovanni Buttarelli, the European Data Protection Supervisor, has written that a “swarm of misinformation and misunderstanding surrounds the case for revising our rules on the confidentiality of electronic communications, otherwise known as e-privacy.

Nearly half of all cellphone calls in the US next year will come from scammers, according to First Orion, a company that provides phone carriers and their customers caller ID and call blocking technology. The Washington Post reports that the company “projects an explosion of incoming spam calls, marking a leap from 3.7% of total calls in 2017 to more than 29% this year, to a projected 45% by early 2019”

Governments in Asia can expand the region’s digital economy and unlock further socio-economic benefits for their citizens by removing unnecessary restrictions on the movement of data internationally, according to a report by the GSMA.

UK ministers have started drafting proposals for new laws to regulate social media and the internet, according to the Daily Telegraph. “The move has been prompted by widespread consumer concerns over a range of online harms including child abuse, bullying, fake news and internet addiction.

Professor Madeleine de Cock Buning Chairs the High Level Expert Group advising the EU Commission on Fake News and online disinformation and is Chair of The Regulatory Authority to the Media in the Netherlands.

TRAI, India’s telecoms regulator, has said the existing framework for protection of personal data by companies and service providers is insufficient and has recommended stricter rules to tackle data breaches, notes Reuters.

The US is losing ground as the internet’s standard-bearer in the face of aggressive European privacy standards and China’s draconian vision for a tightly controlled web, reports Politico. “The weakening of the American position comes after years of US lawmakers and presidents, including both Donald Trump and Barack Obama, backing the tech industry’s aversion to new regulations.

Amid concerns about increasingly sophisticated online threats, Singapore and France have pledged to beef up cooperation on cybersecurity and exchange ideas on regulatory approaches to safeguarding user data in the digital sphere.

European data regulators have torn up the latest proposal by internet overseer ICANN over its Whois data service, sending the organisation back to the drawing board for a third time, notes the Register.

A human rights campaigner has urged the Malaysian government to form a taskforce of officials and concerned citizens for discussions on changes to the Communications and Multimedia Act, reports Free Malaysia Today.

Microsoft’s president, Brad Smith, has called for regulation of facial recognition software in the US, reports VentureBeat. “In a democratic republic, there is no substitute for decision making by our elected representatives regarding the issues that require the balancing of public safety with the essence of our democratic freedoms.

Germany’s top telecoms regulator has set its sights on US technology groups such as Google and Facebook, insisting that providers of messaging and email services should be regulated just like ordinary telecoms companies, reports the Financial Times.

On the heels of the EU’s General Data Protection Regulation (GDPR), Europe is gearing up for its next big privacy push, this time taking aim at data collection within messaging apps. But critics contend the proposed law goes too far, potentially stifling innovation and hurting profits, according to an article in OWI Insight.

EU negotiators have sealed an agreement to allow non-personal data to move freely across the bloc and ban national laws that require companies to store data within a country’s borders, reports EurActiv.

In a 5-4 ruling, the US Supreme Court has decided that the government generally needs a warrant in order to access cell site location information, which is automatically generated whenever a mobile phone connects to a cell tower and is stored by wireless carriers for years, reports Wired.

The European Data Protection Supervisor, Giovanni Buttarelli, has set an agenda to tackle the “unbalanced ecosystem” being created in the digital economy. In a blog post, he has strong words for the big platform players: “The digital information ecosystem farms people for their attention, ideas and data in exchange for so called ‘free’ services.

Google is under investigation by the Australian Competition and Consumer Commission (ACCC) and the country’s Privacy Commissioner following claims that it collects data from millions of Android smartphone users, who unwittingly pay their telecoms service providers for gigabytes consumed by the activity, reports Reuters.

On 3 April 2018, the Association for Progressive Communications (APC), along with 93 civil society organisations from across the globe, sent a letter to the Secretary General of the Council of Europe, Thorbjørn Jagland, requesting transparency and meaningful civil society participation in the Council of Europe’s negotiations of the draft Second Additional Protocol to the Convention on Cybercrime...

The UK House of Lords Communications Committee has invited contributions to an inquiry on the regulation of the internet, under which the Committee will explore how the regulation of the internet should be improved, and whether specific regulation is required or whether the existing law is adequate.

Working Party 29 (WP29), the group that unites European data protection authorities, has announced “its full support” for investigations by national privacy authorities into the collection and use of personal data by and through social media.

The European Commission is proposing “a three-pronged approach to increase public and private investment in artificial intelligence (AI), prepare for socioeconomic changes, and ensure an appropriate ethical and legal framework.”

On 25 May the EU’s General Data Protection Regulation (GDPR) comes into force for the 28 member states, but the impact is already far wider as the regulation affects any organisation that keeps data on an EU citizen, which includes all the global internet giants.

An item in the law blog, Out-Law.com, notes that EU law makers are scrutinising the issue of metadata processing in the context of new EU laws on privacy and electronic communications (the e-privacy regulation). The Bulgarian presidency of the Council of Ministers has published a document that has highlighted that there are different views across national governments in the EU on the rules that should apply to metadata processing.

The European Commission’s high-level expert group on fake news and disinformation spread online has produced a report that suggests a definition of the phenomenon and makes a series of recommendations.

The digitisation of the power supply will make it vulnerable due to the increasing risk of error in the software, and not only as a result of cyberattacks, reports Telecom Paper, noting a report by the Dutch Council for the Environment and Infrastructure (Rli).

The French government has proposed legislation on cybersecurity that requires telecoms operators and online service providers to play a more active role in protecting the country's communications, reports Telecompaper.

The European Commission says social media companies need to do more to respond to the requests, made last March by the Commission and member states’ consumer authorities, to comply with EU consumer rules.

Telecoms and law professor Rob Frieden has written about a US National Security Council initiative that identifies the security and public safety benefits in having a government owned 5G wireless network leased by commercial ventures.

Experts on the security implications of emerging technologies have written a report that sounds the alarm about the potential malicious use of artificial intelligence (AI) by rogue states, criminals, and terrorists.

The Dutch government says it will come out this year with a strategy to help entrepreneurs and people in the Netherlands to benefit from the digital economy, notes Telecompaper. Secretary of State Mona Keijzer stated in an opinion that digitisation is not only about economics, but also touches on relationships in society, on safety and on accessibility.

The UAE's telecoms regulator has clarified that there is no change in its policy towards voice over internet protocol (VoIP) applications, following complaints by users that phone and video service Skype had been disrupted, reports The National.

Bulgaria will focus its attention on speeding up negotiations on the European Communications Code when it takes over the 6 month rotating presidency of the Council of Ministers in January, notes EurActiv.

Certain smartwatches for children can no longer be sold in Germany as some of these models are equipped with a “wiretapping” function, reports Deutsche Welle. Germany’s Federal Network Agency, or Bundesnetzagentur, announced the ban saying that these watches can be classed as ‘unauthorised transmitters’.

A review by the UK Council for Child Internet Safety (UKCCIS) evidence group, made up of researchers from the London School of Economics and Political Science (LSE), Middlesex University and the University of Central Lancashire, has highlighted the major risks, opportunities and emerging trends for children online.

Companies must tell employees in advance if their work email accounts are being monitored without unduly infringing their privacy, the European Court of Human Rights said in a ruling on defining the scope of corporate email snooping, reports Reuters.

US tech giants are back in Europe’s spotlight, reports the Financial Times. Facebook and Google are both in the headlines over sanctions from European authorities, with Google kicking off its fight against a €2.4bn EU fine for abusing its market dominant position.